ASIC warns industry on cyber security

The corporate regulator has commended the cyber resilience of the ASX and Chi-X, but at the same time has encouraged the broader financial services industry to examine its information security arrangements.

An ASIC report found that both ASX and Chi-X are meeting their statutory obligations to have sufficient resources in place for the management of cyber resilience.

“Because of the dynamic nature of the cyber threat landscape, a comprehensive and long-term commitment to cyber resilience is essential to assist all organisations and the Australian economy to manage this threat,” ASIC commissioner Cathie Armour said.

The report highlighted that cyber resilience is one of the most significant concerns for the financial services industry.

As a result, ASIC has called on the industry to address cyber resilience by reviewing the systems and processes currently in place to address critical issues.

“We also strongly encourage organisations to share threat intelligence and collaborate with industry peers to improve cyber resilience practices across the financial services industry,” a statement issued by ASIC said.

“Key areas identified in the report for organisations to focus on include comprehensive and ongoing board engagement and responsive governance practices that are clearly aligned with an organisation’s wider strategy,” it said.

Moreover, the report emphasised the need for senior management within organisations to monitor threats from internal and third-party sources.

Regarding ASX and Chi-X, the report found the organisations’ cyber resilience to be “repeatable” or “adaptive”.

According to ASIC, both organisations have information security arrangements in place, and these arrangements can be reviewed and updated. Further, both organisations communicate threats across the company, have response and recovery plans, and define cyber security roles at a senior management level.